An IAM user or an AWS Account can request temporary security credentials (see Making Requests) using the AWS SDK for PHP
and use them to access Amazon S3. These credentials expire when the session duration
expires.
By default, the session duration is one hour.
If you use IAM user credentials, you can specify the duration, between 1 and 36
hours,
when requesting the temporary security credentials.
For more information about temporary security credentials,
see Temporary Security Credentials in the IAM User Guide.

Create an instance of an Amazon S3 client by using the
Aws\S3\S3Client class
factory() method
with the temporary security credentials you obtained in the preceding step.

Any methods in the S3Client class that you call use the
temporary security credentials to send authenticated requests to Amazon S3.

The following PHP code sample demonstrates how to request temporary security credentials
and use them to access Amazon S3.

Copy

use Aws\Sts\StsClient;
use Aws\S3\S3Client;
// In real applications, the following code is part of your trusted code.
// It has your security credentials that you use to obtain temporary
// security credentials.
$sts = StsClient::factory();
$result = $sts->getSessionToken();
// The following will be part of your less trusted code. You provide temporary
// security credentials so it can send authenticated requests to Amazon S3.
// Create an Amazon S3 client using temporary security credentials.
$credentials = $result->get('Credentials');
$s3 = S3Client::factory(array(
'key' => $credentials['AccessKeyId'],
'secret' => $credentials['SecretAccessKey'],
'token' => $credentials['SessionToken']
));
$result = $s3->listBuckets();

Note

If you obtain temporary security credentials using your AWS account security credentials,
the
temporary security credentials are valid for only one hour. You can specify the
session duration only if you use IAM user credentials to request a
session.

Example of Making an Amazon S3 Request Using Temporary Security Credentials

The following PHP code example lists object keys in the specified bucket using temporary
security credentials.
The code example obtains temporary security credentials for a default one hour
session and uses them to send authenticated request to Amazon S3. For information
about running the PHP examples in this guide,
go to Running PHP Examples.